Revert "remove network policies for now"

This reverts commit 665de9090a.
2024-06-09 14:19:45 +10:00
parent e94c276611
commit f3e452ab15
13 changed files with 241 additions and 1 deletions
--- a/kubernetes/rpi5-cluster/apps/cilium/networkpolicies/egress-kubeapi.yaml
+++ b/kubernetes/rpi5-cluster/apps/cilium/networkpolicies/egress-kubeapi.yaml
@@ -0,0 +1,21 @@
+apiVersion: cilium.io/v2
+kind: CiliumClusterwideNetworkPolicy
+metadata:
+  name: egress-kubeapi
+spec:
+  endpointSelector:
+    matchLabels:
+      rpi5.cluster.policy/egress-kubeapi: "true"
+  egress:
+    - toEntities:
+        - host
+        - remote-node
+      toPorts:
+        - ports:
+            - port: "6443"
+    - toEntities:
+        - kube-apiserver
+      toPorts:
+        - ports:
+            - port: "443"
+            - port: "6443"